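/// <summary>
/// Builds a certificate chain for <paramref name="certificate"/> and verifies it against the
/// chain policy identified by <c>chainPolicyOID</c>, using the settings in <c>ChainPolicy</c>.
/// </summary>
/// <param name="certificate">Certificate to validate. Must be non-null and carry a non-zero native handle.</param>
/// <returns>
/// Always <c>true</c>. Every failure path throws, so callers must not rely on a <c>false</c>
/// result to detect an untrusted certificate.
/// </returns>
/// <exception cref="CryptographicException">The CertVerifyCertificateChainPolicy call itself failed.</exception>
/// <exception cref="SecurityTokenValidationException">The policy check reported an error for the built chain.</exception>
/// <remarks>
/// Argument failures are raised through the DiagnosticUtility throw helpers.
/// Side effect: <c>ChainPolicy.VerificationTime</c> is overwritten with the current local time on every call.
/// </remarks>
public bool Build(X509Certificate2 certificate)
{
    if (certificate == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
    }
    if (certificate.Handle == IntPtr.Zero)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("certificate", System.IdentityModel.SR.GetString("ArgumentInvalidCertificate"));
    }

    System.IdentityModel.SafeCertChainHandle chainHandle = System.IdentityModel.SafeCertChainHandle.InvalidHandle;
    try
    {
        X509ChainPolicy chainPolicy = this.ChainPolicy;
        chainPolicy.VerificationTime = DateTime.Now;

        // First argument selects the chain engine: 1 when useMachineContext is set, otherwise 0
        // (presumably the local-machine vs. current-user engine; confirm against BuildChain).
        BuildChain(
            this.useMachineContext ? new IntPtr(1L) : new IntPtr(0L),
            certificate.Handle,
            chainPolicy.ExtraStore,
            chainPolicy.ApplicationPolicy,
            chainPolicy.CertificatePolicy,
            chainPolicy.RevocationMode,
            chainPolicy.RevocationFlag,
            chainPolicy.VerificationTime,
            chainPolicy.UrlRetrievalTimeout,
            out chainHandle);

        System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA pPolicyPara = new System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA)));
        System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS)));

        // The caller-configured VerificationFlags are passed straight through, so any "ignore"
        // bits set on ChainPolicy relax this check as well. 0x1000 is always added on top; it
        // matches the value of CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG in wincrypt.h
        // (NOTE(review): confirm that is the intent).
        pPolicyPara.dwFlags = (uint)(chainPolicy.VerificationFlags | 0x1000);

        // chainPolicyOID is handed over as a numeric policy id wrapped in an IntPtr.
        if (!System.IdentityModel.CAPI.CertVerifyCertificateChainPolicy(new IntPtr((long)this.chainPolicyOID), chainHandle, ref pPolicyPara, ref pPolicyStatus))
        {
            int hr = Marshal.GetLastWin32Error();
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(hr));
        }

        // A successful call only means the check ran; the verdict is in dwError.
        if (pPolicyStatus.dwError != 0)
        {
            int dwError = (int)pPolicyStatus.dwError;
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenValidationException(System.IdentityModel.SR.GetString("X509ChainBuildFail", new object[] { System.IdentityModel.SecurityUtils.GetCertificateId(certificate), new CryptographicException(dwError).Message })));
        }

        return true;
    }
    finally
    {
        // Release the native chain context deterministically instead of leaving it to the
        // finalizer; validation can run once per message and would otherwise pile up handles.
        // NOTE(review): assumes SafeCertChainHandle is a SafeHandle and that InvalidHandle
        // yields a fresh instance rather than a shared singleton. Confirm before merging.
        if (chainHandle != null)
        {
            chainHandle.Dispose();
        }
    }
}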
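/// <summary>
/// Validates <paramref name="certificate"/> by building its chain and running the policy check
/// selected by <c>chainPolicyOID</c> with the options held in <c>ChainPolicy</c>.
/// </summary>
/// <param name="certificate">The certificate to check. Null or a zero native handle is rejected up front.</param>
/// <returns>
/// <c>true</c> on success. The method never returns <c>false</c>: a rejected chain surfaces as an
/// exception, so a caller that swallows exceptions treats the certificate as unverified.
/// </returns>
/// <exception cref="CryptographicException">CertVerifyCertificateChainPolicy returned failure; carries the Win32 error.</exception>
/// <exception cref="SecurityTokenValidationException">The chain was built but the policy status holds a non-zero error.</exception>
/// <remarks>
/// Each call stamps <c>ChainPolicy.VerificationTime</c> with <c>DateTime.Now</c>, mutating the
/// policy object obtained from <c>this.ChainPolicy</c>.
/// </remarks>
public bool Build(X509Certificate2 certificate)
{
    if (certificate == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
    }

    if (certificate.Handle == IntPtr.Zero)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("certificate", System.IdentityModel.SR.GetString("ArgumentInvalidCertificate"));
    }

    System.IdentityModel.SafeCertChainHandle builtChain = System.IdentityModel.SafeCertChainHandle.InvalidHandle;
    try
    {
        X509ChainPolicy policy = this.ChainPolicy;
        policy.VerificationTime = DateTime.Now;

        // Engine selector: 1 for the machine context, 0 otherwise.
        IntPtr chainEngine = this.useMachineContext ? new IntPtr(1L) : new IntPtr(0L);
        BuildChain(chainEngine, certificate.Handle, policy.ExtraStore, policy.ApplicationPolicy, policy.CertificatePolicy, policy.RevocationMode, policy.RevocationFlag, policy.VerificationTime, policy.UrlRetrievalTimeout, out builtChain);

        int paraSize = Marshal.SizeOf(typeof(System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA));
        int statusSize = Marshal.SizeOf(typeof(System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS));
        System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA policyPara = new System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA(paraSize);
        System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS policyStatus = new System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS(statusSize);

        // Security-relevant: whatever VerificationFlags the owner of ChainPolicy configured are
        // forwarded unchanged, so relaxed flags there weaken this check. Bit 0x1000 is forced on
        // in addition (same value as CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG in wincrypt.h;
        // NOTE(review): verify that is what is meant).
        policyPara.dwFlags = (uint) (policy.VerificationFlags | 0x1000);

        bool checkRan = System.IdentityModel.CAPI.CertVerifyCertificateChainPolicy(new IntPtr((long) this.chainPolicyOID), builtChain, ref policyPara, ref policyStatus);
        if (!checkRan)
        {
            int hr = Marshal.GetLastWin32Error();
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(hr));
        }

        // The API succeeding is not the verdict; a non-zero dwError means the chain was rejected.
        if (policyStatus.dwError != 0)
        {
            int dwError = (int) policyStatus.dwError;
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenValidationException(System.IdentityModel.SR.GetString("X509ChainBuildFail", new object[] { System.IdentityModel.SecurityUtils.GetCertificateId(certificate), new CryptographicException(dwError).Message })));
        }

        return true;
    }
    finally
    {
        // The original never released the chain handle on any path, leaving the native chain
        // context alive until finalization. Dispose it here so repeated validations do not
        // accumulate unmanaged memory.
        // NOTE(review): relies on SafeCertChainHandle being disposable (SafeHandle-derived) and
        // on InvalidHandle not being a shared instance. Confirm against its declaration.
        if (builtChain != null)
        {
            builtChain.Dispose();
        }
    }
}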